Bug 41522 - Check zone transfer
Check zone transfer
Status: NEEDMOREINFO
Product: USI
Classification: Unclassified
Component: usi-check tests
unspecified
Other Linux
: P5 normal
: ---
Assigned To: Christina Scheinig
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-10 11:18 CEST by Stefan Gohmann
Modified: 2018-12-21 09:00 CET (History)
3 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
Check DNS SOA serial numbers (1.18 KB, text/plain)
2016-11-30 16:12 CET, Philipp Hahn
Details
Check DNS SOA serial numbers v2 (949 bytes, text/plain)
2016-11-30 16:39 CET, Philipp Hahn
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2016-06-10 11:18:45 CEST
The usi-check tool should check if the serial number is identical between the DNS server and the LDAP entry if the ldap backend is used.
Comment 1 Christina Scheinig univentionstaff 2016-11-29 09:52:48 CET
which serial number do you mean?
Comment 2 Philipp Hahn univentionstaff 2016-11-30 09:21:34 CET
(In reply to Christina Scheinig from comment #1)
> which serial number do you mean?

# ucr get dns/backend 
ldap
# dig +short @127.0.0.1 -p 53 `dnsdomainname` soa
master41.phahn.qa. root.phahn.qa. 36 28800 7200 604800 10800
                                  ^^
# dig +short @127.0.0.1 -p 7777 `dnsdomainname` soa
master41.phahn.qa. root.phahn.qa. 36 28800 7200 604800 10800
                                  ^^

<https://de.wikipedia.org/wiki/SOA_Resource_Record#Aufbau>
Comment 3 Philipp Hahn univentionstaff 2016-11-30 16:12:13 CET
Created attachment 8260 [details]
Check DNS SOA serial numbers

WIP
Comment 4 Philipp Hahn univentionstaff 2016-11-30 16:39:49 CET
Created attachment 8262 [details]
Check DNS SOA serial numbers v2
Comment 5 Christian Völker univentionstaff 2018-12-21 09:00:13 CET
Needs to be implemented as an additional online check while running on customer site.

The dig part can be parsed offline through info/dig_AXFR
But the ldap zone information is currently not collected at all.